Chip-and-PIN Credit Cards and The Deadline: Here’s What You need To Know

Today, 1st October 2015, is the deadline for US-based Banks and Retailers to roll out Chip-embedded Credit Cards (powered by EVM Technology) to customers that will make transactions more secure.

Starting Thursday, Merchants must have new Payment Terminals installed to accept Chip Cards in their stores or restaurants. Otherwise, they will be responsible for credit card frauds.

Stephanie Ericksen, Visa’s Vice President Risk Products said, “That’s the date by which if a merchant doesn’t have a chip terminal, and a counterfeit card is used at that location, they may be liable for that fraud on that transaction.

60% Customers Still have Old Credit Cards

However, If you have not received a new credit card with chip technology, don’t worry, you are not alone.

According to latest stats revealed by MasterCard, 60% customers still have Old Credit Cards based on Magnetic Stripe Technology, and it could take next 2-3 years to transform the whole payment system.

The number of chip cards in the U.S. from these issuers will grow to 60 percent by the end of this year, expanding to 98 percent by the end of 2017 MasterCard said.

In the wake of numerous high-profile Data breaches, including Target, Neiman Marcus or The Home Depot, and increasing rates of Credit Card Fraud, the Payment Card distributors are migrating to this new technology to reduce the costs of Frauds.

Traditional Magnetic Stripe cards transmit your account number and secret PIN to merchants, which could be easily hacked by fraudsters and cyber criminals.

Whereas, In case of Chip-n-PIN EMV Card, Embedded microchip stores your data in encrypted form and only transmits a unique code (one-time-use Token) for every transaction, making it difficult for cyber criminals to use the card for counterfeit fraud.

Thus, the need to bring the Chip-n-PIN technology as soon as possible was intended. To elaborate more on Chip and PIN Smart Payment Cards, they are capable of:
Initiating Two-factor authentication (2FA) by applying Tokenization process.
Decreasing card Counterfeit rates.
Contactless card reading.
Eliminating the Card swipe method by enabling Card Dipping- putting the card into a terminal slot and waiting for it to sense and process.

Also, if these EMV cards get stolen, the information on the chip gained by an attacker will be of no use because the stolen transaction number created in that instance is unique and cannot be reused and after dipping it will deny the card.

This New Payment Card can be called by various names, such as:
Smart card
Chip card
Smart-chip card
Chip-enabled smart card
Chip-and-choice card (PIN or signature)
EMV smart card
EMV card
Chip and Dip card

Is Chip and Pin Technology Safe Enough?

Well, all anti-cloning theories are already proven wrong by security researchers and hackers.

Check out some previous articles posted on The Hacker News about hacking Chip-and-Pin cards :

Also, for online usage, neither a PIN nor a Signature is required, so just stealing credit card numbers is sufficient to use them for Fraud.

Future of Payment Cards

Moreover, as a solution, mobile payment and digital wallet services like Apple Pay and Google Wallet can be promoted by adopting more robust security mechanism and protocols; and making monetary transactions more safe and easy.

Another solution could be considered as the use of multiple factor authentication methods like Biometrics.

Also, you can take a sneak peak into this Video, where Jerry Irvine, member of the U.S. Chamber of Commerce Cyber Security Leadership Council and CIO of Chicago-based Prescient Solutions, in an interview with Slashdot Media discusses the new technology and its principles that promise safe payment practices.

About the author

Researcher and Technical Writer at The Hacker News. An Information Security Consultant and System Auditor, a keen Security Evangelist for all forms of Cyber Security and Denotational Counter Hack Requirements of the Industry, Academia and Society.


Recent Posts